My paper on Writing Access Control Policies for LDAP is now available
on the web. Here is the abstract:

  Writing Access Control Policies for LDAP

  Access Control systems vary from one LDAP server to the next. All
  of them can implement simple policies, but it may be necessary to
  design the DIT around the access control requirements. In more
  complex cases it is essential to choose a server with a very
  flexible access control language. There are a number of pitfalls
  in ACL design, and some requirements cannot be implemented by
  many of the commonly used server products.

  This paper suggests an approach to designing and testing access
  control rules. It includes worked examples to illustrate some
  common use-cases.

I have also published the slides that I used when presenting the paper
at the UKUUG conference in London, and a tarball with the examples and
test-suites mentioned in the paper.

http://www.skills-1st.co.uk/papers/ldap-acls-jan-2009/

Comments are welcome.

Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------